Professional Documents
Culture Documents
TECHNOLOGY
TM 3133
INDIVIDUAL PROJECT
SUBMITTED BY:
NOR IZZAIDAH BINTI HAMAD (A146406)
LECTURERS:
DR.ROSSILAWATI BINTI SULAIMAN
ENCIK AHMAD TARMIZI BIN ABDUL GHANI
1.0 INTRODUCTION
By using this encryption, the owner of this website can ensure that they have trying their
best to provide a secured online banking website to their customer. Based on a report by SSL
Lab, CIMB clicks website has a good rating of security. Their cipher strength and key
exchange for encryption have higher marks which are both above 80%. The report is based
on SSL server rating which was made on 2013. For overall rating this website got A. this
means that this website has a higher security and using a strong encryption to keep the
security of information given.
However, for the new SSL test of this website, it got C for overall but still the key
exchange and the cipher strength are above 80% and even they are more than before. It
shows that this website developer had upgrading their encryption method and still doing the
best in order to increase their website security.
SSL (Secure Sockets Layer) is the standard security technology for establishing an
encrypted link between a web server and a browser. This link will ensures that all the data
passed between the web server and the users browsers remain private and integral. SSL is an
industry standard and is used by websites to protect their online transactions with the
customers. Cimbclicks.com.my also one of the examples of websites that uses SSL to provide
a secured banking transactions experience to the customers.
In order to create an SSL connection, this website requires an SSL certificates. When they
choose to activate SSL on the web server, they will prompt to complete a number of
questions about the identity of the website. Then the web server will create two cryptographic
keys which are the private key and public key that will use in the encryption.
The public key does not need to be secret and will placed into a Certificate Signing
Request (CSR) which is a data file that also containing the details. During the SSL Certificate
application process, the Certification Authority will validate the company details and issue an
SSL certificate that contains the details and allowing them to use SSL. Then the web server
(in this example cimbclicks.com.my) will match the issued SSL Certificates to their private
key. Then, this web server will able to establish an encrypted link between the website and
their customers web browser. These complexities of the SSL protocol will remain invisible
to their customers. To complete the process, the customers browser and the web server will
exchange the key to encrypt and decrypt the messages. So that, a transaction will occur.
Not all the online internet banking services have a strong security and using a good
encryption to protect their customers information. But CIMB has provided a good one so far
which they got less complaint about the security of their websites by their customers.
Furthermore, this website also uses HTTPS rather than HTTP to increase their security and
also they are potentially vulnerable to Denial of service attacks due to its support of clientside-re-negotiation.
In addition, to ensure the privacy, confidentiality and integrity of the information which
are exchanged, disclosed, shared, stored or otherwise used on the system, cimbclicks.com.my
engaged the use of combination of the encryption with authentication and auditing
mechanisms which serve as a powerful barrier against all forms of system penetration and
abuse. The mechanisms that are developed in this website are such as username and
password protection and authentication, firewall and account locking. All of these are the
initiatives from the cimbclicks website team in order to provide a much secured site and give
their customers the best services.
As the conclusion, this website use encryption as a method to make the data is secured,
private and confidential. As a customer, they need to take a risk by using the online transactions.
They always need to be careful and make sure that they are on a correct website. They have to
not expose their username or password to public to avoid from scammers or others attack. As a
developer also, they need to follow the correct ways and try to build a secured one if the website
requires confidential information from the users.
Nowadays we know that, there a lots of security method that a developer can use to keep
the confidential, integrity and authenticity of a data used. Cryptography is one of them where it
can keep the security of the information. The harder the encryption that we used, the harder the
hackers can attacks the information and a brute force will take a longer time to do so.
REFERENCES
1. http://says.com/my/tech/best-worst-secure-online-banking-websites-malaysia-maybank2u2.
3.
4.
5.
cimbclicks-bank-islam
http://www.cimbclicks.com.my/
https://www.cimbclicks.com.my/security-policy.html
https://www.ssllabs.com/ssltest/analyze.html?d=cimbclicks.com.my&s=113.23.146.24
http://info.ssl.com/article.aspx?id=10241